Home

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.

PUBLISHED Reserved 2024-10-03 | Published 2024-10-05 | Updated 2024-10-07 | Assigner wikimedia-foundation




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

1.42.x (semver) before 1.42.2
affected

1.41.x (semver) before 1.41.3
affected

1.39.x (semver) before 1.39.9
affected

Credits

RhinosF1 finder

BlankEclair finder

References

phabricator.wikimedia.org/T368628

phabricator.wikimedia.org/T369486

gerrit.wikimedia.org/...3d8d50fc978bdac58e2b312ee03324c1edc8

cve.org (CVE-2024-47841)

nvd.nist.gov (CVE-2024-47841)

Download JSON